U.S. patent application number 11/808698 was filed with the patent office on 2008-12-18 for computer system protection.
This patent application is currently assigned to Broadcom Corporation. Invention is credited to Ashwin Thiagarajan.
Application Number | 20080313725 11/808698 |
Document ID | / |
Family ID | 39691109 |
Filed Date | 2008-12-18 |
United States Patent
Application |
20080313725 |
Kind Code |
A1 |
Thiagarajan; Ashwin |
December 18, 2008 |
Computer system protection
Abstract
Methods, systems, and computer program products for computer
system protection are provided. Embodiments protect against
unauthorized access to information on stolen and/or illegally
transported computer systems. Embodiments include locking of
functionalities within a computer system when the computer system
moves outside a designated area. Embodiments include limiting
access to functionalities within the computer system based on the
location of the computer system. Embodiments of the present
invention include allowing variable levels of access protection
depending on the location of the computer system.
Inventors: |
Thiagarajan; Ashwin;
(Irvine, CA) |
Correspondence
Address: |
STERNE, KESSLER, GOLDSTEIN & FOX P.L.L.C.
1100 NEW YORK AVENUE, N.W.
WASHINGTON
DC
20005
US
|
Assignee: |
Broadcom Corporation
Irvine
CA
|
Family ID: |
39691109 |
Appl. No.: |
11/808698 |
Filed: |
June 12, 2007 |
Current U.S.
Class: |
726/9 |
Current CPC
Class: |
G06F 21/35 20130101;
G06F 21/88 20130101 |
Class at
Publication: |
726/9 |
International
Class: |
G06F 7/04 20060101
G06F007/04 |
Claims
1. A method for protecting access to information on a computer
system having a first level of authentication, comprising:
detecting when said computer system moves outside a designated
area; and communicating a token with said computer system upon its
moving outside the designated area; wherein said token triggers a
second level authentication when said computer system is
subsequently started outside the designated area, and wherein
failure of said second level of authentication results in locking
of functionalities within said computer system.
2. The method of claim 1, wherein said communicating step comprises
communication with radio frequency (RF) communication components
integrated within said computer system.
3. The method of claim 2, wherein said RF communication components
are integrated within a LAN On Motherboard (LOM) network adapter,
said adapter integrated within a motherboard of said computer
system.
4. The method of claim 2, wherein said communicating step comprises
communicating with said RF communication components regardless of
the power mode of said computer system at the time of
communication.
5. The method of claim 2, wherein said communication components
comprise a Global Positioning System (GPS) receiver.
6. The method of claim 1, wherein said detecting step comprises
comparing global positioning coordinates of said computer system
against a range of global positioning coordinates that defines the
designated area.
7. The method of claim 1, wherein said communicating step comprises
communicating said token with said computer system when said
computer system is within the designated area.
8. The method of claim 7, wherein said token communicated within
the designated area is activated when said computer system moves
outside the designated area.
9. The method of claim 2, wherein said RF communication components
comprise a wireless radio transceiver.
10. The method of claim 1, wherein said detecting step is performed
by a centralized surveillance system.
11. The method of claim 1, wherein said detecting step comprises
detecting a code associated with said computer system.
12. The method of claim 1, wherein said communicating step
comprises communicating said token with said computer system when
said computer system is outside the designated area.
13. The method of claim 1, wherein said communicating step
comprises downloading said token inside the designated area to said
computer system and activating the token outside the designed area
when said computer system is outside the designated area.
14. The method of claim 1, further comprising: registering in a
database a plurality of answers to a respective plurality of secret
questions, wherein said answers are selected by and associated with
a legitimate user of said computer system; and registering in said
database a plurality of user passwords selected by said legitimate
user, wherein each of said passwords is associated with one
corresponding pair of secret question and respective answer.
15. The method of claim 14, further comprising: generating said
token based on one or more of a current password associated with
said legitimate user and an exit time of said computer system from
the designated area, wherein said token includes a secret question
from said plurality of secret questions, a respective answer from
said plurality of answers, and a password associated with said
secret question and answer.
16. The method of claim 15, further comprising upon a starting of
said computer system: (a) prompting for and receiving user input to
said current password associated with said legitimate user; (b)
verifying said user input to said current password; (c) prompting
for and receiving user input to said secret question included in
said token, if password verification is successful in step (b); (d)
verifying said user input to said secret question using said
respective answer included in said token; (e) prompting for and
receiving user input to said password associated with said secret
question and answer, if verification is successful in step (d); and
(f) verifying said user input to said associated password; and (g)
allowing user access to functionalities of said computer system if
said verification in step (f) is successful.
17. The method of claim 16, wherein said second level of
authentication includes steps (c) through (f).
18. The method of claim 16, further comprising: (h) locking of
functionalities within said computer system if any of said
verifying steps is successively failed for a determined number of
times.
19. The method of claim 1, wherein said second level of
authentication can be bypassed by docking said computer system to
an associated network system within said designated area.
20. The method of claim 1, wherein said locking of functionalities
within said computer system includes blocking access to one or more
of the operating system, hard drives, and external drives
associated with said computer system.
21. The method of claim 1, wherein said token triggers limited
access to certain functionalities within said computer system when
said computer system moves outside the designated area, regardless
of the result of said second level authentication.
22. The method of claim 1, wherein said certain functionalities
include one or more of printing documents, network access, and
access to external drives.
23. The method of claim 1, wherein said first level of
authentication acts both inside and outside the designated
area.
24. A system for protecting access to information on a computer
system having a first level of authentication, comprising: a
centralized surveillance system configured to detect when said
computer system moves outside a designated area; a database
configured to store authentication information associated with a
legitimate user of said computer system; and a radio frequency (RF)
communication system configured to communicate a token with said
computer system upon its moving outside the designated area;
wherein said token includes authentication information from said
database and is configured to trigger a second level of
authentication when said computer system is subsequently started
outside the designated area.
25. The system of claim 24, further comprising: a radio frequency
(RF) transceiver integrated within a LAN On Motherboard (LOM)
network adapter, integrated within a motherboard of said computer
system.
26. The system of claim 24, further comprising: a Global
Positioning System (GPS) receiver integrated within said computer
system, wherein said GPS receiver is configured to generate
position coordinates of said computer system and download said
token if said computer system is outside said designated area.
27. The system of claim 24, wherein said database includes a
plurality of answers to a respective plurality of secret questions,
said answers selected by and associated with said legitimate user
of said computer system.
28. The system of claim 27, wherein said database further includes
a plurality of user passwords selected by said legitimate user, and
wherein each of said passwords is associated with one corresponding
pair of said secret questions and answers.
29. The system of claim 24, wherein said centralized surveillance
system comprises: a detector configured to generate detection
signals when said computer system moves outside the designated
area; and a controller coupled to said detector and configured to
receive said detection signals from said detector.
30. The system of claim 24, wherein said controller is further
configured to communicate with said database and to retrieve
authentication information associate with said computer system.
31. The system of claim 24, wherein said controller is further
configured to control said RF communication system to communicate
with said computer system.
Description
BACKGROUND OF THE INVENTION
[0001] 1. Field of the Invention
[0002] The present invention relates generally to computing
security, and more particularly to increased access protection in
computer systems.
[0003] 2. Background Art
[0004] Information theft and illegal transportation is a
challenging problem with large amounts of information to protect
and the competing need to share information effectively.
[0005] One aspect of information theft includes the theft or
illegal transportation of computer systems outside designated areas
such as campuses or workplaces, for example. As these computer
systems may contain personal, confidential, and/or classified
information, computer access protection upon theft or illegal
transportation is needed.
[0006] Current technology does not adequately address this serious
problem. Indeed, save for mere operating system password
protection, many computer systems lack protection from theft and/or
illegal transportation.
[0007] Computer system protection methods, systems, and computer
program products are therefore needed to protect against
information theft from stolen and/or illegally transported computer
systems.
BRIEF SUMMARY OF THE INVENTION
[0008] Methods, systems, and computer program products for computer
system protection are provided herein.
[0009] Embodiments of the present invention protect against
unauthorized access to information on stolen and/or illegally
transported computer systems.
[0010] Embodiments of the present invention include methods,
systems, and computer program products to detect when a computer
system moves outside a designated area.
[0011] Embodiments of the present invention include methods,
systems, and computer program products to trigger a second level of
authentication when a computer system moves outside a designated
area.
[0012] Embodiments of the present invention include methods,
systems, and computer program products to lock functionalities
within the computer system when the computer system moves outside a
designated area.
[0013] Embodiments of the present invention include blocking access
to one or more of the operating system, hard drives, and external
drives of the computer system.
[0014] Embodiments of the present invention include methods,
systems, and computer program products to allow limited access to
functionalities within the computer system based on the location of
the computer system. These functionalities may include one or more
of printing documents, network access, and access to external
drives.
[0015] Embodiments of the present invention include methods,
systems, and computer program products to allow variable levels of
access protection depending on the location of the computer
system.
[0016] Embodiments of the present invention can be implemented
using RF-based communication, InfraRed (IF)-based communication,
and/or GPS-based communication.
[0017] Embodiments of the present invention function regardless of
the power mode of the computer system upon its moving outside a
designated area.
[0018] Further embodiments, features, and advantages of the present
invention, as well as the structure and operation of the various
embodiments of the present invention, are described in detail below
with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS/FIGURES
[0019] The accompanying drawings, which are incorporated herein and
form a part of the specification, illustrate the present invention
and, together with the description, further serve to explain the
principles of the invention and to enable a person skilled in the
pertinent art to make and use the invention.
[0020] FIG. 1 is an example scenario that illustrates the operation
of a computer access protection system.
[0021] FIG. 2 illustrates an example centralized surveillance
system.
[0022] FIG. 3 illustrates an example computer system configured to
function within the system of FIG. 1.
[0023] FIG. 4 illustrates an example computer system configured to
function within the system of FIG. 1.
[0024] FIG. 5 illustrates an example computer system configured to
function within a GPS-based computer access protection system.
[0025] FIG. 6 illustrates an example database that can be used by
the system of FIG. 1.
[0026] FIG. 7 is a process flowchart of a method for protecting
access to information on a computer system.
[0027] FIG. 8 is a process flowchart of an additional or a second
level of authentication process triggered by an information access
protection system on a computer system.
[0028] FIG. 9 illustrates an example computer useful for
implementing components of the invention.
[0029] The present invention will be described with reference to
the accompanying drawings. Generally, the drawing in which an
element first appears is typically indicated by the leftmost
digit(s) in the corresponding reference number.
DETAILED DESCRIPTION OF EMBODIMENT(S)
Introduction
[0030] One aspect of information theft includes the theft or
illegal transportation of computer systems outside designated
areas. As these computer systems may contain personal,
confidential, and/or classified information, computer access
protection upon theft or illegal transportation is needed.
[0031] Methods, systems, and computer program products for computer
system protection are provided herein.
[0032] Embodiments of the present invention protect against
unauthorized access to information on stolen and/or illegally
transported computer systems.
[0033] Embodiments of the present invention include methods,
systems, and computer program products to detect when a computer
system moves outside a designated area.
[0034] Embodiments of the present invention include methods,
systems, and computer program products to trigger additional
authentication when a computer system moves outside a designated
area.
[0035] Embodiments of the present invention include methods,
systems, and computer program products to lock of functionalities
within the computer system when the computer system moves outside a
designated area.
[0036] Embodiments of the present invention include blocking access
to one or more of the operating system, hard drives, and external
drives of the computer system.
[0037] Embodiments of the present invention include methods,
systems, and computer program products to allow limited access to
functionalities within the computer system based on the location of
the computer system. These functionalities may include one or more
of printing documents, network access, and access to external
drives.
[0038] Embodiments of the present invention include methods,
systems, and computer program products to allow variable levels of
access protection depending on the location of the computer
system.
[0039] Embodiments of the present invention can be implemented
using Radio Frequency (RF)-based communication, or InfraRed
(IF)-based communication, and/or GPS-based communication.
[0040] Embodiments of the present invention function regardless of
the power mode of the computer system upon its moving outside a
designated area.
[0041] Detailed description of embodiments of the present invention
will now be provided.
Computer System Protection
[0042] FIG. 1 is an example scenario 100 of a computer access
protection system. Example scenario 100 illustrates a computer
system 102 and a computer access protection system 104, within a
designated area 116. Designated area 116 may be any defined area,
including, for example, a school, office building, multi-building
corporate campus, house, hospital, police station, fire station,
central office, power plant, or research facility.
[0043] Computer system 102 can be any commercially available and/or
well known computer capable of performing the functions described
herein. In an embodiment, computer system 102 is a laptop computer.
Computer system 102 has a first level of authentication that is
carried out both within and outside designated area 116. For
example, this first level of authentication includes performing an
operating system authentication function.
[0044] Computer access protection system 104 is a communication and
control system configured to control access to computer system 102
based on the location of computer system 102. In example scenario
100, computer access protection system 104 is illustrated as
positioned within designated area 116. Embodiments of the present
invention are not limited to this embodiment. As would be
understood by a person skilled in the art based on the teachings
herein, computer access protection system 104 can be located fully
or partially within or outside designated area 116.
[0045] In example 100, computer access protection system 104
includes a centralized surveillance system 110, a database 106, and
a radio frequency (RF) communication system 108. In other
embodiments, one or more subsystems of computer access protection
system 104 may be integrated to form other subsystems.
[0046] Centralized surveillance system 110 is configured to detect
when computer system 102 moves outside designated area 116. In an
embodiment, as illustrated in FIG. 2, centralized surveillance
system 110 includes a controller 202 and a detector 204.
[0047] Controller 202 controls the operation of one or more
subsystems of computer access protection system 104. In an
embodiment, controller 202 communicates with detector 204 to
configure detector 204 to detect computer system 102 and/or to
receive detection signals from detector 204. Controller 202 also
communicates with database 106 and RF communication system 108 of
computer access protection system 104.
[0048] In an embodiment, computer system 102 registers with
computer access protection system 104, which causes authentication
information associated with a legitimate user of computer system
102 to be generated and stored in database 106. In addition,
registration may associate a detection code with computer system
102.
[0049] Centralized surveillance system 110, through controller 202,
may access database 106 to retrieve the detection code associated
with computer system 102 and may use the detection code to
configure detector 204 to detect computer system 102. In an
embodiment, detector 204 is configured to generate and transmit
detection signals to controller 202 when computer system 102 moves
outside designated area 116. For example, detector 204 may be
positioned at an exit gate 114 of designated area 116 so as to
detect computer system 102 exiting designated area 116. Other
techniques to detect when computer system 102 moves outside
designated area 116 may also be used as would be understood by a
person skilled in the art based on the teachings herein.
[0050] In an embodiment, upon receiving a detection signal from
detector 204 indicating that computer system 102 is moving outside
designated area 116, controller 202 communicates with database 106
to generate and/or retrieve authentication information associated
with computer system 102. Controller 202 then communicates with RF
communication system 108 to wirelessly convey a token 112 to
computer system 102. Token 112 includes authentication information
associated with the legitimate user of computer system 102 and is
used to trigger a second level of authentication when computer
system 102 is subsequently started outside designated area 116.
[0051] In another embodiment, centralized surveillance system 110
conveys token 112 to computer system 102 when computer system 102
is within designated area 116 and activates the token when computer
system 102 moves outside designated area 116.
[0052] Database 106 of computer access protection system 104 can be
any storage system capable of performing the database functions
described herein. Database 106 may be located proximately or
remotely with respect to centralized surveillance system 110 and/or
RF communication system 108. In an embodiment, database 106 stores
authentication information associated with legitimate users of
computer systems, such as computer system 102, registered with
computer access protection system 104. Further example embodiments
of database 106 are provided below in FIG. 6.
[0053] RF communication system 108 of computer access protection
system 104 can be any RF communication system capable of performing
the wireless communication functions described herein. For example,
RF communication system 108 may be a wireless radio transceiver in
embodiments using two-way communication with computer system 102.
Alternatively, RF communication system 108 may be a wireless radio
transmitter in embodiments using one-way communication with
computer system 102. In other embodiments (not illustrated in FIG.
1), RF communication system 108 may be replaced with an Infra-Red
(IR) and/or a dual RF/IR communication system. As would be
understood by a person skilled in the art based on the teachings
herein, RF communication system 108 can be located within or
outside designated area 116, as long as it is reliably able to
communicate with computer system 102.
[0054] As described above, computer system 102 can be any
commercially available and/or well known computer capable of
performing the functions described herein, including a laptop
computer. In an embodiment 300, illustrated in FIG. 3, computer
system 102 includes RF communication components 302, which are used
to communicate with RF communication system 108 of computer access
protection system 104. For example, RF communication components 302
may include a wireless RF transceiver or a wireless RF receiver. In
other embodiments (not illustrated in FIG. 3), RF communication
components 302 may be replaced with IR communication components
and/or dual RF/IF communication components.
[0055] RF communication components 302 are distinct from wireless
local area network (WLAN) components 304, which may also be
available within computer system 304. RF communication components
302 may be integrated within existing hardware components of
computer system 102 or as independent components. In an embodiment
400, illustrated in FIG. 4, RF communication components 302 are
integrated within a LAN On Motherboard (LOM) network adapter 404 of
computer system 102. LOM network adapter 404 is typically
integrated within a motherboard 402 of computer system 102.
[0056] Access protection for computer system 102 will be enabled
when computer system 102 moves outside designated area 116,
regardless of the power mode that computer system 102 may be in at
the time of its moving outside designated area 116. For example,
computer system 102 may be ON, OFF, in Standby mode, or in
Hibernation/Sleep mode at the time of its moving outside designated
area 116. As such, RF communication components 302 will need to
communicate with computer access protection system 104, regardless
of the power mode of computer system 102, and, consequently,
require some form of power supply at all times.
[0057] One advantage therefore of embodiment 400 includes
eliminating the need for additional power supply circuitry to
provide continuous power to RF communication components 302. This
is because, by integrating RF communication components 302 within
LOM network adapter 404, RF communication components 302 would
benefit from the fact that LOM network adapter 404 generally
receives power at all times from the battery of computer system
302. This is typically the case in order to enable a Wake On LAN
feature of LOM network adapter 404 for remotely waking up computer
system 102.
[0058] FIG. 5 illustrates another example embodiment 500 of
computer system 102, which may be used in a GPS-based computer
access protection system.
[0059] According to this embodiment, computer access protection is
not limited to securing computer system 102 based on its location
with respect to a designated area but can be extended to enable
additional or a second level of authentication based on global
positioning information of computer system 102. For example, using
a token similar to token 112 of FIG. 1, the computer access
protection system can trigger additional or a second level
authentication when computer system 102 moves outside and/or inside
one or more designated areas. The designated areas may be defined
using one or more ranges of global positioning coordinates.
[0060] To enable GPS-based computer access protection, computer
system 102 may include a GPS receiver 502. GPS receiver 502
receives signals from a plurality of satellite systems 504 and
generates global positioning coordinates of computer system 102.
When computer system 102 is started, the generated global
positioning coordinates are compared against the one or more
designated areas included in the token and corresponding levels of
protection are accordingly enabled. As would be appreciated by a
person skilled in the art based on the teachings herein, one or
more levels of computer access protection (having different levels
of access to and/or blocking of functionalities) can be used
depending on within which of the one or more designated areas
computer system 102 is.
[0061] In an alternative embodiment, when computer system 102 is
started, computer system 120 compares the generated global
positioning coordinates against one or more designated areas to
decide whether or not to download a token, which enables the added
computer protection.
[0062] FIG. 6 illustrates an example embodiment 600 of database 106
of the system of FIG. 1. As described above, authentication
information associated with a legitimate user of computer system
102 is generated and stored in database 106 when computer system
102 registers with computer access protection system 104. In an
embodiment, a legitimate user "A" of computer system 102 enters one
or more answers 606 in response to one or more secret questions 604
during the registration process. User "A" further associates one or
more passwords 608 with each secret question/answer pair, to
generate an authentication table 602. It is noted that secret
questions 604 in example embodiment 600 are provided for the
purpose of illustration only. Questions of other types and/or
content can also be used.
[0063] Authentication table 602 is subsequently used to generate a
token when computer system 102 moves outside designated area 116.
In an embodiment, the token includes a secret question, a
corresponding answer, and an associated password from
authentication table 602. Selection from authentication table 602
may be performed randomly or, alternatively, based on a current
known password of computer system 102 and/or an exit time of
computer system 102 from the designated area. For example, if the
current known password of computer system 102 is identical or
similar to an associated password in table 602, the secret
question/answer pair corresponding to the associated password will
not be included in the token.
[0064] FIG. 7 is a process flowchart 700 of a method for protecting
access to information on a computer system. The computer system has
a first level of authentication, which is carried at any time that
the computer system is started. Process 700 begins in step 702,
which includes detecting when the computer system moves outside a
designated area. In an embodiment, step 702 includes detecting when
the computer system exits an exit gate of the designated area. For
example, step 702 may include detecting when the computer system
moves outside a school, office building, multi-building corporate
campus, house, hospital, police station, fire station, central
office, power plant, or research facility. Step 702 can be
performed by a centralized surveillance system.
[0065] Step 704 includes communicating a token with the computer
system upon its moving outside the designated area. In an
embodiment, step 704 is performed using one-way communication to
the computer system. Alternatively, step 704 is performed using
two-way communication between a computer access protection system
and the computer system.
[0066] Communication with the computer system includes
communicating with radio frequency (RF) communication components
integrated within the computer system. In an embodiment, the RF
communication components are integrated within a LAN On Motherboard
(LOM) network adapter, which is integrated within a motherboard of
the computer system. This allows communication with the RF
communication components, regardless of the power mode of the
computer system (ON, OFF, Standby, Hibernation). The RF
communication components may include a wireless radio transceiver,
a wireless radio receiver, and/or a Global Positioning System (GPS)
receiver.
[0067] Step 706 includes triggering additional or a second level of
authentication when the computer system is subsequently started
outside the designated area. In an embodiment, the additional or
second level of authentication is triggered by activation of the
token communicated with the computer system in step 704.
[0068] In step 708, the additional or second level of
authentication is performed by the user of the computer system.
[0069] If the additional or second level authentication is
successfully performed, step 710 includes allowing user access to
functionalities of the computer system. This may include, for
example, loading the operating system installed on the computer
system.
[0070] On the other hand, if the additional or second level of
authentication is failed by the user, step 712 includes blocking
access to functionalities of the computer system. This may include,
for example, blocking access to the operating system, hard drives,
and/or external drives associated with the computer system. Under
certain access blocking mechanisms, access blocking cannot be
bypassed by moving the hard drives of the computer system to
another system.
[0071] Unlocking of the functionalities may require a return of the
computer system to the designated area, docking of the computer
system with the computer access protection system 104, and/or other
resetting procedures by information technology (IT) personnel.
[0072] In another embodiment, the token triggers limited access to
certain functionalities within the computer system, regardless of
the result of the additional or second level of authentication. For
example, functionalities such as printing documents, network
access, and access to external drives may be blocked when the
computer system moves outside a designated area, regardless that
the additional or second level of authentication is successfully
performed by the user. This prevents any possible dissemination of
information contained on the computer system when the computer
system is outside the designated area.
[0073] FIG. 8 is a process flowchart 800 of the additional or
second level of authentication enabled by the method of FIG. 7 upon
a start up of the computer system. The additional or second level
of authentication is triggered by activation of a token
communicated with the computer system.
[0074] Process 800 begins in step 802, which includes prompting for
and receiving user input to a current password associated with a
legitimate user of the computer system.
[0075] Step 804 includes verifying the user input to the current
password.
[0076] If verification fails in step 804, process 800 returns to
step 802 to allow the user a second input attempt to the current
password.
[0077] If verification is successful in step 804, process 800
proceeds to step 806, which includes prompting for and receiving
user input to a secret question included in the token.
[0078] Step 808 includes verifying the user input to the secret
question using a respective answer, also included in the token.
[0079] If verification fails in step 808, process 800 returns to
step 806 to allow the user a second input attempt to the secret
question.
[0080] If verification is successful in step 808, process 800
proceeds to step 810, which includes prompting for and receiving
user input to a password associated with the secret question and
respective answer.
[0081] Step 812 includes verifying the user input to the associated
password.
[0082] If verification fails in step 812, process 800 returns to
step 810 to allow the user a second input attempt to the associated
password.
[0083] If verification is successful in step 812, process 800
proceeds to step 814, which includes allowing user access to
functionalities of the computer system.
[0084] In process 800, if verification in any of steps 804, 808,
and/or 812 is successively failed for a determined number of times
(e.g., three times), the additional or second level of
authentication process is failed and locking of functionalities
will occur. A re-start of the computer system will re-start process
800 in step 802.
EXAMPLE COMPUTER IMPLEMENTATION
[0085] In an embodiment of the present invention, the system and
components of the present invention described herein are
implemented using well known computers, such as computer 902 shown
in FIG. 9.
[0086] The computer 902 can be any commercially available and well
known computer capable of performing the functions described
herein, such as computers available from International Business
Machines, Apple, Sun, HP, Dell, Compaq, Digital, Cray, etc. The
computer 902 can be a laptop computer.
[0087] The computer 902 includes one or more processors (also
called central processing units, or CPUs), such as a processor 906.
The processor 906 is connected to a communication bus 904.
[0088] The computer 902 also includes a main or primary memory 908,
such as random access memory (RAM). The primary memory 908 has
stored therein control logic 928A (computer software), and
data.
[0089] The computer 902 also includes one or more secondary storage
devices 910. The secondary storage devices 910 include, for
example, a hard disk drive 912 and/or a removable storage device or
drive 914, as well as other types of storage devices, such as
memory cards and memory sticks. The removable storage drive 914
represents a floppy disk drive, a magnetic tape drive, a compact
disk drive, an optical storage device, tape backup, etc.
[0090] The removable storage drive 914 interacts with a removable
storage unit 916. The removable storage unit 916 includes a
computer useable or readable storage medium 924 having stored
therein computer software 928B (control logic) and/or data.
Removable storage unit 916 represents a floppy disk, magnetic tape,
compact disk, DVD, optical storage disk, or any other computer data
storage device. The removable storage drive 914 reads from and/or
writes to the removable storage unit 916 in a well known
manner.
[0091] The computer 902 also includes input/output/display devices
922, such as monitors, keyboards, pointing devices, etc.
[0092] The computer 902 further includes a communication or network
interface 918. The network interface 918 enables the computer 902
to communicate with remote devices. For example, the network
interface 918 allows the computer 902 to communicate over
communication networks or mediums 924B (representing a form of a
computer useable or readable medium), such as LANs, WANs, the
Internet, etc. The network interface 918 may interface with remote
sites or networks via wired or wireless connections.
[0093] Control logic 928C may be transmitted to and from the
computer 902 via the communication medium 924B. More particularly,
the computer 902 may receive and transmit carrier waves
(electromagnetic signals) modulated with control logic 930 via the
communication medium 924B.
[0094] Any apparatus or manufacture comprising a computer useable
or readable medium having control logic (software) stored therein
is referred to herein as a computer program product or program
storage device. This includes, but is not limited to, the computer
902, the main memory 908, the secondary storage devices 910, the
removable storage unit 916 and the carrier waves modulated with
control logic 930. Such computer program products, having control
logic stored therein that, when executed by one or more data
processing devices, cause such data processing devices to operate
as described herein, represent embodiments of the invention.
[0095] The invention can work with software, hardware, and/or
operating system implementations other than those described herein.
Any software, hardware, and operating system implementations
suitable for performing the functions described herein can be
used.
CONCLUSION
[0096] While various embodiments of the present invention have been
described above, it should be understood that they have been
presented by way of example only, and not limitation. It will be
apparent to persons skilled in the relevant art that various
changes in form and detail can be made therein without departing
from the spirit and scope of the invention. Thus, the breadth and
scope of the present invention should not be limited by any of the
above-described exemplary embodiments, but should be defined only
in accordance with the following claims and their equivalents.
* * * * *